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IN THE CLAIMS: 



1 1 . (Original) A method for creating and maintaining a plurality of virtual servers within 

2 a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server; 

4 and 

5 enabling controlled access to the resources using logical boundary checks and se- 

6 curity interpretations of those resources within the server. 

1 2. (Original) The method of Claim 1 wherein the step of partitioning comprises the steps 

2 of: 

3 allocating dedicated resources of the server to each instance of the virtual server; 

4 and 

5 sharing common resources of the server among all of the virtual servers. 

1 3. (Original) The method of Claim 2 wherein the dedicated resources are units of storage 

2 and network addresses of network interfaces of the server. 



1 4. (Original) The method of Claim 3 wherein the common resources are an operating sys- 

2 tern and a file system of the server. 

1 5. (Original) The method of Claim 4 wherein the server is a filer and wherein the virtual 

2 servers are virtual filers (vfilers). 



1 6. (Previously Presented) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 
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3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the server; and 

9 providing a vfiler context structure including information pertaining to a security 

10 domain of the vfiler. 

1 7. (Original) The method of Claim 6 wherein the step of allocating comprises the step of 

2 providing a vfstore list of the vfiler context structure, the vstore list comprising pointers 

3 to vfstore soft objects, each having a pointer that references a path to a unit of storage al- 

4 located to the vfiler. 

1 8. (Original) The method of Claim 7 wherein the step of allocating further comprises the 

2 step of providing a vfhet list of the vfiler context structure, the vfnet list comprising 

3 pointers to vfhet soft objects, each having a pointer that references an interface address 

4 data structure representing a network address assigned to the vfiler. 

1 9. (Original) The method of Claim 8 wherein the step of enabling further comprises the 

2 step of performing a vfiler boundary check to verify that a vfiler is allowed to access cer- 

3 tain storage resources of the filer. 

1 10. (Original) The method of Claim 9 wherein the step of performing comprises the step 

2 of validating a file system identifier and qtree identifier associated with the units of stor- 

3 age. 

1 11. (Original) The method of Claim 10 wherein the step of performing further comprises 

2 the steps of: 
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3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfiler is authorized to access the unit of storage; 

5 if the vfiler is not authorized to access the requested unit of storage, immediately 

6 denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 

1 12. (Original) A system adapted to create and maintain a plurality of virtual servers 

2 within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; and 

10 a processing element coupled to the network interfaces and storage media, and 

n configured to execute the operating and file systems to thereby invoke network and stor- 

12 age access operations in accordance with results of the boundary check of the file system. 

1 13. (Previously Presented) A system adapted to create and maintain a plurality of virtual 

2 servers within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; 
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10 a context data structure provided to each virtual server, the context data structure 

1 1 including information pertaining to a security domain of the virtual server that enforces 

12 controlled access to the allocated and shared resources; and 

13 a processing element coupled to the network interfaces and storage media, and 

14 configured to execute the operating and file systems to thereby invoke network and stor- 

15 age access operations in accordance with results of the boundary check of the file system. 

1 14. (Original) The system of Claim 13 wherein the units of storage resources are volumes 

2 and qtrees. 

1 15. (Original) The system of Claim 14 further comprising a plurality of table data struc- 

2 tures accessed by the processing element to implement the boundary check, the table data 

3 structures including a first table having a plurality of first entries, each associated with a 

4 virtual server and accessed by a file system identifier (fsid) functioning as a first key into 

5 the table, each first entry of the first table denoting a virtual server that completely owns 

6 a volume identified by the fsid. 

1 1 6. (Original) The system of Claim 1 5 wherein the table data structures further include a 

2 second table having a plurality of second entries, each associated with a virtual server and 

3 accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), each sec- 

4 ond entry of the second table denoting a virtual server that completely owns a qtree iden- 

5 tified by the fsid and qtreeid. 

1 17. (Original) The system of Claim 16 wherein the server is a filer and wherein the vir- 

2 tual servers are virtual filers. 

1 18. (Original) Apparatus adapted to create and maintain a plurality of virtual filers (vfil- 

2 ers) within a filer, the apparatus comprising: 

3 means for allocating dedicated resources of the filer to each vfiler; 
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4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the server. 

1 19. (Original) The apparatus of Claim 18 wherein the means for enabling comprises 

2 means for performing a vfiler boundary check to verify that a vfiler is allowed to access 

3 certain dedicated resources of the filer. 



1 20. (Previously Presented) Apparatus adapted to create and maintain a plurality of virtual 

2 filers (vfilers) within a filer, the apparatus comprising: 

3 means for allocating dedicated resources of the filer to each vfiler; 

4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the 

7 server and for providing a vfiler context structure including information pertain- 

8 ing to a security domain of the vfiler. 

1 21 . (Previously Presented) A computer readable medium containing executable program 

2 instructions for creating and maintaining a plurality of virtual filers (vfilers) within a filer, 

3 the executable program instructions comprising program instructions for: 

4 allocating dedicated resources of the filer to each vfiler; 

5 sharing common resources of the filer among all of the vfilers; and 

6 enabling access to the dedicated and shared resources using logical boundary 

7 checks and security interpretations of those resources within the server. 



1 22. (Original) The computer readable medium of Claim 21 wherein the program instruc- 

2 tion for enabling comprises a program instruction for performing a vfiler boundary check 

3 to verify that a vfiler is allowed to access certain dedicated resources of the filer. 
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1 23. (Previously Presented) A computer readable medium containing executable program 

2 instructions for creating and maintaining a plurality of virtual filers (vfilers) within a filer, 

3 the executable program instructions comprising program instructions for: 

4 allocating dedicated resources of the filer to each vfiler; 

5 sharing common resources of the filer among all of the vfilers; and 

6 enabling access to the dedicated and shared resources using logical boundary 

7 checks and security interpretations of those resources within the server and ^providing a 

8 vfiler context structure including information pertaining to a security domain of the 

9 vfiler. 

1 24. (Previously Presented) Electromagnetic signals propagating on a computer network 

2 containing executable program instructions for creating and maintaining a plurality of 

3 virtual filers (vfilers) within a filer, the executable program instructions comprising pro- 

4 gram instructions for: 

5 allocating dedicated resources of the filer to each vfiler; 

6 sharing common resources of the filer among all of the vfilers; and 

7 enabling access to the dedicated and shared resources using logical boundary 

8 checks and security interpretations of those resources within the server. 

1 25. (Previously Presented) Electromagnetic signals propagating on a computer network 

2 containing executable program instructions for creating and maintaining a plurality of 

3 virtual filers (vfilers) within a filer, the executable program instructions comprising pro- 

4 gram instructions for: 

5 allocating dedicated resources of the filer to each vfiler; 

6 sharing common resources of the filer among all of the vfilers; and 

7 enabling access to the dedicated and shared resources using logical boundary checks and 

8 security interpretations of those resources within the server and providing a vfiler context 

9 structure including information pertaining to a security domain of the vfiler. 
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